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@ Method and apparatus for user Identification and verification of data packets In a wireless 
communications network 



@ The present invention discloses an apparatus 
and method for transmitting a data packet over 
a wireless network with improved security. Each 
transmitted message includes three segments. 
A first segment includes infomiation klentifying 
the originator of the message, A second seg- 
ment includes a digital signature obtained by 
hashing and encrypting the data to be transmit- 
ted. A third segment includes the data packet 
Upon receiving the message, a wireless receiv- 
ing unit uses the information contained in the 
first segment to retrieve an encryption key and, 
thereby, identify the originator of the message. 
The wireless recehnng unit then hashes and 
encrypts the received data packet according to 
the same hashing and encryption algorithms 
used to form the digital signature. The resulting 
encrypted hashed version of the data packet is 
compared to the received digital signature in 
order to establish the integrity of the received 
data packet 
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FIELD OF THE INVENTION 

The present invention relates generally to com- 
munication systems that transmit infonnation via a 
wireless networit More particuiarly, the present in- • 5 
ventbn relates to user-identification and the verifica- 
tion of data integrity in wireless communication sys- 

BACKGROUND OF THE INVENTION 10 

As communication over multiple access media, 
such as wireless networks, has become increasingly 
popular, the security concerns and risks associated 
with such communication systems also have In- is 
creased. Wireless communicatton systems, for exam- 
ple, pose unique security concerns compared to the 
security risks assodated with wired or tethered sys- 
tems. Communication over wireless networks is more 
vulnerable to. attack by unauthorized persons using 20 
the system In any of a number of ways. Transmission 
of data in the dear, for example, means that the data 
can be monitored or intercepted easily by anyone 
possessing an appropriate receiver. Similarly, trans- 
mission of a user's Identification in the dear opens 25 
the user to traffic analysis. 

Many other threats and vulnerabilities are asso- 
ciated with wireless communicatkm. For example, 
wireless systems are vulnerable to misuse of resourc- 
es assodated with the system, such as the doning of 30 
wireless conruhunlcation devices by persons who are 
not subscribers to the network's services. The doned 
devices can be programmed to indude identif icatbn 
information associated with a legitimate subscriber or 
the subscriber's device. Such techniques allow the 3$ 
non-subscriber to qualify for servbe in a fraudulent 
manner, which may result in unrecoverable costs to 
the service provider 

Yet another security concern pertaining to the 
use of wireless systems, involves one person's trans- 40 
mitting information and denying that the Information 
was sent or attributing the transmission to another 
subscriber. This problem is of particular concern to 
anyone wishing to transact business using wireless 
communication systems. Furthenmore, if business 45 
dealings are to be transacted using wireless systems, 
the parties to the transaction must be assured that 
the integrity of the data is preserved. 

The security issues mentbned above, among 
others, suggest the need for efficient and cost- so 
effective authenticatbn and veriffcatbn technkiues 
for use in wireless communk:ation systems. 

SUMMARY OF THE INVENTION 

55 

The present inventbn disdoses a system for 
transmitting information over a wireless communica- 
tion system with improved security. This system pre- 



ferably comprises a wireless transmitting unit for 
transmitting a message via a wireless network, where 
the message comprises a first segment induding 
kjentif ication information, a second segment indud- 
ing a data packet, and a third segment induding a dig- 
ital signature. The digital signature is obtained by ap- 
plying a hashing algorithm and an encryption algo- 
rithm to the data packet, where the encryptbn algo- 
rithm uses an encryption key corresponding to the 
kJentification information. The system further conv 
prises a wireless network and a wireless receiving 
uniL The wireless receiving unit may comprise circuK 
try for receiving the message and a memory unit for 
storing the encryption key corresponding to the iden- 
tification information. The wireless receiving unit also 
has a hashing unit for hashing the data packetacoord- 
ing to the hashing algorithm to fonm hashed data and 
an encryption unit for forming encrypted hashed data 
by applying the encryption algorithm to the hashed 
data using the encryption key. In addition, the w&e- 
less receding unit may indude a comparing unit for 
comparing the encrypted hashed data to the digital 
signature and a processor for contrdllng the flow of 
dab between other units in the wireless receiving 
unit 

Other features and advantages of the present In- 
vention will be apparent by reference to the fdlowing 
detailed description and accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 illustrates an exemplary wireless commu- 
nication system according to the present invention. 

FIG. 2 shov^ a signed message having three 
segments in accordance with the present inventbn. 

FIG. 3 is a flow chart showing the steps for iden- 
tifying and authenticating the originator of a transmis- 
sion and verifying the Integrity of the transmission ac- 
cording to the method of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

FIG. 1 illustrates an exemplary wireless commu- 
nication system 1 according to the present invention. 
The vnreless system 1 includes a messaging networic 
1 00 which serves as a platform for end-user services 
such as exchanging messages or mediating transac- 
tions t)etween subscribers. Each such subscriber will 
typically have a wireless device such as vidreless de- 
vice 150. As a result, the messaging network 100 will 
typically communicate with a large number of wtrdess 
devices even though FIG. 1 shows a single such de- 
vice 150 for simplicity of presentation. A system com- 
ponent, such as the wireless device 150, which trans- 
mits information via a wireless communication net- 
work generally may be referred to as a wireless trans- 
mitting unit 

Information is transferred to and from the mes- 
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saging network 100 via a wireless interface 130 ac- 
cording to a specified protocol. In FIG. 1, the messag- 
ing network 100 may be connected, for example, by 
an Ethernet format connection to the wireless inter- 
face 130, which serves as an interface between the 5 
messaging network 100 and a wireless network 140. 
A system component, such as the messaging network 
100, which receives information via a wireless net- 
work, may generally be referred to as a wireless re- 
ceiving unit The wireless network 140 may suitably io 
be a public packet radio network such as the RAM 
Mobile Data Network, the ARDIS Network, or any 
Cellular Digital Packet Data (CDPD) network. 

In the system 1, the transfer of information be- 
tween the wireless interface 130 and the wireless is 
network 140 occurs In either a connectionless or con- 
nection-oriented manner. The transfer of Infonmatfon 
between the wireless network 140 and the wireless 
device 150 takes place in a connecttonless manner 
according to a protocol specified by the particular 20 
wireless network 1 40. A connectionless transfer of in- 
formation may be distinguished from a session-ori- 
ented approach In which a "handshake* routine typi- 
cally takes place between the network and a user of 
or subscriber to the network. The handshake routine 25 
typically requires that the user be authenticated as le- 
gitimate at the beginning of a session, for example, by 
using a personal password that identifies the user. 
The user then sends messages, for example, to the 
network, after which the session is terminated. In a 30 
session-oriented approach, indivMual messages are 
not verified or authenticated. In contrast, a connec- 
tionless approach does not require that communica- 
tion between the user and network be initialized and 
terminated at some later time. Rather, the connec- 3S 
tiontess approach allows indh^lduat packets of infor- 
mation or data, which are self-cpntalned, to be sent to 
the network without prior negotiation and without pri- 
or confirmation of the user with the exception of a 
possible subscription agreement permitting the sub- 4o 
scriber to use the network. 

In FIG. 1, the wireless device 150 may be a per- 
sonal digital assistant (PDA) or personal communica- 
tee, or a device for use In a cellular telephone system, 
such as a digital cellular telephone. It is to be under- 45 
stood, however, that any device that is capable of 
transmitting and receiving appropriate signals over a 
wireless network may be used. In the discussbn that 
follows, it will be assumed that the device 150 fe a 
PDA having an data entry unit 160, such as a key- so 
board, keypad, stylus, orany other suitable means for 
entering data. 

In accordance with the present invention, each 
wireless device intended for use in the system 1, such 
as the wireless device 150. is assigned a unk)ue iden- 55 
tif ier or identification information. The identification 
information is stored in the device 150, for example, 
as an electronic serial number (ESN) 171 incorporat- 



ed into the device 150 at the time of manufacture. By 
way of example, the ESN 171 may be stored In a 
memory unit 170. Alternatively, the identification in- 
formation may be a user name, an account Mentlf ica- 
tion, an account name, or a service identification stor- 
ed in the memory unit 170. Additionally, each sub- 
scriber to the messaging network's services Is provid- 
ed with a unique private encryption key, K, for use as 
explained betow. The encryption key, K, is one that 
can be used with a secure encryption scheme. The 
key, K, may be, for example, a 5S-bit Data Encryption 
Standard (DES) key for use in a cryptosystem such 
as the one described in "Data Encryption Standards," 
Federal Information Processing Standard, Publica- 
tion No. 46, National Bureau of Standards, January 
1977. The private key, K, is entered into the device 
150, preferably in a manner not subject to tampering, 
and is stored for further use in a f ilia 172 in the mem- 
ory unit 170. The private key may be periodically up- 
dated to further increase its security. The private key, 
K, is intended for the private use of the subscriber 
alone and should not be disclosed to other individ- 
uals. 

In the wireless system 1, the messaging network 
100 and the wireless devk^e 150 each follow a mes- 
sage-oriented protocol, which resides on the messag- 
ing network 100 and the wireless device 150 in a re- 
ceh^er 105 and a transmitter 155, respectWely. Both 
the receh^er 105 and the transmitter 1 55 may suitably 
be, for example, a radio transceiver connected to a 
nrKKlenTL 

As indicated by FIG. 2, which shows an exerrv- 
plary message 200. each message transmitted by 
the wireless device 150 preferably contains three 
segments. A first segment 201 Includes the identifi- 
cation information that is retrieved from the memory 
unit 1 70 by the device 150, for example the electronk: 
serial number 1 71 . A second segment 203 includes a 
data packet that the subscriber wishes to send. Final- 
ly, a third segment 202 includes a digital signature as 
further explained below. A message, such as the 
message 200, containing the three segments 201, 
202 and 203, may be referred to as a signed mes- 
sage. 

FIG. 3 is a flow chart showing the steps of send- 
ing a message according to the method of the present 
invention. When the subscriber wishes to send a mes- 
sage via the wireless network 140 using the wireless 
device 150, the subscriber enters the message data 
into the device 150 as shown in step 300 of FIG. 3. 
The message data may be entered into the device 
150 by using the data entry unit 160 associated with 
the device 150. For example, the subscriber could en- 
ter the data into the device 150 by Using a keypad. 

Once the subscriber enters the message data 
that he wishes to transmit, a processor 162, such as 
a central processing unit, connected to the data entry 
unit 160 and to the transmitter 155, disassembles the 
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data Into smaller data packets, as shown In step 302. 
There will, therefore, typically be a plur^ity of pack- 
ets of data which, when reassembled, constitute the 
entire message that the user entered into the data en- 
try unit 160. These data packets may be temporarily 
stored in the memory unit 170 for further processing. 
It should be understood, however, that the complete 
message data.may be sent as one data packet Once 
the data packets are formed, the processor 162 re- 
trieves the key, K, from the file 172 and proceeds to 
generate and transnoit a signed message for each 
packet of data as explained in greater detail below* 
The processor 162 also controls the flow of informa- 
tion to and from other components in the wireless de- 
vice 150. 

As shown in step 305, the device 150 computes 
a hashed verston of a first data packet by applying a 
pre-defined hashing algorithm to the ftrst data packet 
tofonn hashed information. The hashing algorithm is 
executed by a hashing unit 161 connected to the proc^ 
essor 162. The hashing unit 161 may suitably be an 
etectronk: circuit which implements the pre-defined 
hashing algorithnt In an alternative embodiment, the 
hashing unit 161 may be a processor, such as a gen- 
eral purpose processor programmed with appropriate 
software, which implements the hashing algorithm. 
Such hashing algorithms and implementations there- 
of are well-known in the art and are described, for ex- 
ample, in •Secure Hash Standard," Federal Infbnma^ 
tion Processing Standard, Publication No. 180/XAB, 
National Bureau of Standards, May 11, 1993. The 
subject matter of this publication and the subject mat- 
ter clf ail other publications referred to herein are in- 
corporated by reference. 

Next, as shown in step 310 of RG. 3, the device 
1 50 computes an encrypted version of the hashed in- 
formation according to a primary encryption algo- 
rithm using the private key, K, to forni encrypted hash- 
ed information. The encrypted version of the hashed 
information is computed by a primary enayptfon unit 
1 63 connected to the processor 1 60. The primary en- 
cryption unit 163 may be an electronic circuit which 
Implements the primary encryption algorithm. Aconrv 
merdally available AT&T T7000 Data Encryption 
Processor is also suitable for use as the primary en- 
cryption unit 163. The primary encryption algorithm 
may be a DES encryption algorithm or some other 
suitable secure encryption algorithm that may be 
used with the private key, K. The encryptton unit 163 
is connected to the processor 160, for example, by 
control lines 164 which provide control signals to the 
encrypttori unit 163. Control signals indicate, for ex- 
ample, whether data or the key, K, is to be entered into 
the encryptton unit 1 63. Also, data lines 1 65 are used 
to transfer the plain and encrypted data between the 
encryption unit 163 and the processor 160. 

In an alternative ^bodiment, the encryption unit 
163 may be a processor, such as a general purpose 



processor programmed with appropriate software, 
which eno-ypts the hashed data according to the pri- 
mary encryption algorithm. Hardware and software 
implementations of encryptton algorithms are well- 

5 known in the art and are descn'bed more fully, for ex- 
ample, in "DES Modes of Operation," Federal Infor- 
mation Processing Standard, Publication No. 81, Na- 
tional Bureau of Standards. December 2, 1980, and 
•Guidelines For Implementing and Using The NBS 

10 Data Encryption Standard," Federal Informatfon' 
Processing Standards. Publication No. 74, National 
Bureau of Standards, April 1 , 1 981 . . 

The encrypted version of the hashed informatfon 
computed In step 310 is the digital signature referred 

IS to above. The digital signature, therefore, is obtained 
by applying the pris-deflned hashing algorithm and 
the prinrtary encryption algorithm to the*ffrst data 
packet, where the primary encryption algorithm uses 
the private encryption key, K. Once the device 150 

20 computes the digital signature for the first data pack- 
et, the processor 162 retrieves the identification In- 
fonmation stored as the ESN 171 as shown in step 
312. This Wentif ication information is included in the 
segment 201 of the signed message 200, and the first 

25 data packet is included in the segment 203. Next, as 
shown in step 315, the transmitter 155 transmits a 
signed message via the wireless networtc 140. 

The preferred order for transmitting the three 
segments 201-203 is to place the segment 201 con- 

30 taining the identification infonmation, which prefer- 
ably is of f bted length, at the front of the signed meSs- 
sage 200. The segment 203 containing the data pack- 
et, which may be of variable length, is placed at the 
end of the message 200. If, however, the segment 

35 203 is also of f bced length, then it is desirable to trans- 
mit it before the segment 202 containing the digital 
signature. Transmitting segments of fbted length at 
the front of the signed message makes it easier for 
the messaging unit 100 to determine where one seg- 

40 ment ends and another segment begins. Also, placing 
the segment 201 at the front of the signed message 
permits processing at the messaging network 100 to 
take place without unnecessary delay because the 
kJentif ication information in the segment 201 is need- 

4$ ed to begin processing the received message at the 
messaging network 100. It is to be understood, how- 
ever, that the segments 201-203 may be transmitted 
in any order in accordance with the present inventton; 
Also, in a preferred embodiment, the data packet 
50 which is contained in the third segment 203 is also 
transmitted in an encrypted form. After the processor 
1 60 has disassembled the message data into packets 
of data and prior to performing the step 305, the first 
data packet is enaypted using an encryption key, K2, 

55 that differs from the private key, K. For this purpose, 
a secondary encryption unit 166, connected to the 
processor 160, may be used. The secondary encryp- 
. tion unit 1 66 may be similar to the primary encryption 
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unit 163 and connected to the processor 162 in a sinr>- 
ilar manner The key, K2, may be stored in a file 173 
In the memory unit 170. One purpose of the encryp- 
tion perfonmed by the secondary encryption unit 166 
is to prevent unauthorized persons from intercepting 5 
the signed message and reading the contents of the 
data packet 

Once the signed message is transmitted via the 
wireless network 140, it is received by the wireless in- 
terface 130 and transmitted to the messaging net- io 
work 100, which receives the signed message In the 
receh^er 105 as shown In step 320. the received sign- 
ed message may be temporarily stored In a file 121 
in a memory unit 1 1 9 that is connected to the receiver 
105. <5 

The memory unit 119 also has a look-up table 120 
which stores the encryption key corresponding to 
each suk>scriber The look-up table allows the encryp- 
tion key corresponding to a particular subscriber to be 
retrieved based upon the identification information 20 
received in the segment 201 of the signed message. 
A processor 112, such as a central processing unit, is 
connected to the memory unit 119 and controls the 
flow of data to and from other units in the messaging 
network 100. In step 325, the processor 112 retrieves 25 
the encryptton key that corresponds to the kientif ica- 
tion information contained in the segment 201 of the 
signed message. If the Individual who used the device 
1 50 to send the signed message is a legitimate sub- 
scriber using a legitimate encryption key and a corre- so 
spending legitimate wireless device, then the key re- 
trieved by the messaging network 100 in the step 325 
is the same as the key, K. used by the subscriber to 
transmit the signed ntessage. 

Next, as shown in step 330, the messaging net- 35 
work 100 computes a hashed versk>n of the data 
packet received in the third segment 203 according to 
the same pre-defined hashing algorithm that was 
used by the device 150 in the step 305 to form hashed 
data. Executton of the hashing algorithm in the step 40 
330 may be performed by a hashing unit 11 1 connect- 
ed to the processor 112. The hashing unit 111 may 
suitably be an electronic circuit which implements the 
pre-defined hashing algorithm. In an alternative enr>- 
bodiment, the hashing unit 161 may be a processor, 45 
such as a general purpose processor progranuned 
with appropriate software, which implements the 
hashing algorithm. 

Next, in step 335, the messaging network 100 
computes an encrypted version of the hashed data, so 
to form ertcrypted hashed data. The encryption key 
retrieved in step 325 and an encryption algorithm are 
used to encrypt the hashed data. The encryption im- 
plemented in step 335 depends upon the key that Is 
retrieved from the database 119, which in turn de- 55 
pends upon the identification information that was re- 
ceived in the first segment 201 of the signed message 
200. If the subscriber and the devk:e 150 are legiti- 



mate, then the encryption algorithm used in the step 
310 and the primary encryptbn algorithm used in the 
step 335 are the same. 

An encryption unit 113, which is connected to the 
processor 112, executes the encryption algorithm In 
step 335 using the key retrieved from the meniory 
unit 119 according to known techniques in either hard- 
ware or software. The encryption unit 113 may be an 
electronic circuit which implements the primary en- 
cryption algorithm. A commercially available AT&T 
T7000 Data Encryption Processor is also suitable for 
use as the encryption unit 113. The encryption unit 
113 is connected to the processor 112, for example, 
by control lines 114 which provide control signals to 
the encryption unit 113. Control signals Indicate, for 
example, whether data or the retrieved key is to be 
entered Into the encryption device 163. Also, data 
lines 115 are used to transfer the plain and encrypted 
data between the encryption unit 113 and the proces- 
sor 112. In an alternative embodiment, theencryption 
unit 113 may be a processor, such as a general pur- 
pose processor programmed with appropriate soft- 
ware, which encrypts the hashed data according to 
the primary encryption algorithm 

In step 340, the messaging network 100 conn- 
pares the encrypted hashed data computed by it in 
step 335 to the digital signature contained in the sec- 
ond segment 202 of the received signed message 
200. Aconiparing unit 11 6. which may be an electron- 
ic comparing circuit and which is also connected to 
the processor 112, may be used to perform step 340. 
In an alternaUve embodiment, the comparing unit 118 
way be a general purpose processor programmed to 
compare the encrypted hashed data to the digital sig* 
nature. 

As shown in step 345, the next step depends 
upon the results of the comparison perfonmed in the 
step 340. If the encrypted hashed data computed by 
the messaging networic 100 Is the same as the re- 
ceived digital signature, then the subscriber and d&- 
vk:e 150 are authenticated as legitimate, and the in- 
tegrity of the received data packet is deemed to have 
been preserved during transmission. In step 350, the 
messaging network 1 00 proceeds to process the data 
received in the segment 203. For example, If the esr 
tablished protocol requires that the data packet con- 
tained in the third segment 203 be sent in an encrypt- 
ed form as explained above according to the prefer- 
red embodiment, then the messaging network 100 
decrypts the data using a decryption unit 118, con- 
nected to the processor 112. The decryption unit 118 
executes in hardware or software a decryption algo- 
rithm which retrieves the original data that was en- 
crypted by encryption unit 166. The decryption unit 
118 may be an electronic circuit or a processor, such 
as a general purpose processor programmed with ap- 
propriate software, which executes the decryption al- 
gorithm. Such decryption algorithms and decryption 
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devices are well-known in the art A commercially 
available AT&T T7000 Data Encryption Processor rs 
also suitable for use as the decryption unit 11B. 

tf, however, the encrypted hashed data computed 
in the step 335 and the received digital signature are 5 
not the same, then, as shown in step 355, the mes- 
saging netvrartc 100 provides a signal indicating that 
the data packet 200 Is rejected. 

Signed messages, incorporating the other data 
packets that virere formed by the processor 1 60 from io 
the original message data entered into the device 
1 50, are also transmitted by the device 150 and proc- 
essed by the network 100 according to the same 
method described in detail above. The network 100 
would then reassemble the data packets to recon- 15 
struct the complete message originally entered into 
the device 150 by the user. Finally, the messaging 
network 100 would process the complete message by 
sending the data to its ultimate destination if, for ex- 
ample, the message is an e-mail message, or by act- 20 
Ing upon it if, for example, the data is a control mes- 
sage to the messaging network 100. 

One advantage of the present invention is that it 
helps prevent fraudulent use of messaging or other 
services employing wireless networks. The present 25 
invention described above provides a means for kien- 
tifying the entity transmitting data over a wireless 
network. Furthermore, the present invention helps 
ensure that only authorized subscribers use the mes- 
saging network and that only legitimate devices are 30 
used to transmit messages to the messaging net- 
work. 

Another feature of the present invention is that it 
verifies the integrity of the received data. By verifying 
the integrity of the received data, the present inven- 35 
tion makes it more difficult for a party to deny having 
transmitted the data that was actually received. Thus, 
for example, when parties transact business via a 
wireless network, the present invention makes it more 
difficult for one of the parties to repudiate the trans- 40 
action by claiming that the information received was 
not the same as the infbnmation sent 

Other applications and arrangements within the 
spirit and scope of the present invention will be readily 
apparent to persons of ordinary skill in the art For ex- 45 
ample, although the present invention has been de- 
scribed in the context of a vra'eless convhunication 
system 1 in which a signed message is transmitted by 
the wireless devtee 150 to the messaging network 
100, the roles of the device 150 and the netv^rk 100 so 
may be reversed. In other words, the messaging net- 
work may serve as the wireless transmitting unit 
which sends a signed message, and the wireless de- 
vice may serve as the wo-eless receiving unit whfch 
receives and verifies the signed message* Further- 55 
more, other devices or system components whteh 
communk:ate via a wireless network may be config- 
ured for use in accordance with the present invention. 



The present invention is, therefore, limited only by the 
appended claims. 

Claims 

1 . A wireless communication system comprising: 

a wireless transmitting unit for transmit- 
ting a message via a wireless networic, saM mes- 
sage comprising: 

(a) a first segment including identification in- 
formatbn; 

(b) a second segment including a data packet; 
and 

(c) a third segment Including a digital signa- 
ture obtained by applying a hashing algorithm 
and an encryption algorithm to said data 
packet, v/here said encryption algorithm uses 
an encryption key corresponding to saki iden- 
tification Information; 

a wireless network; and 

a wireless receding unit comprising: 

(a) means for receiving said message; 

(b) a memory unit for storing the encryption 
key corresponding to said Mentification infor- 
mation; 

(c) a hashing unitfor hashing said data packet 
according to said hashing algorithm to form 
hashed data; 

(d) an encryption unit for forming encrypted 
hashed data by applying said encryption algo- 
rithm to said hashed data using said encryp- 
tion key; 

(e) a comparing unit for comparing said en- 
crypted hashed data to said digital signature; 
and 

(f) a processor for controlling the flow of data 
to and from other components in said wireless 
receiving unit 

2. The system of dalm 1 v^rherein the wnreless trans- 
mitting unit comprises: 

(a) a data entry unit for entering message 
data, comprising said data packet, into said 
wireless transmitting unit; 

(b) a memory unit for storing saW encryptfon 
key and said identification infbnmation; 

(c) a hashing unitfor hashing said data packet 
according to said hashing algorithm to form 
hashed information; 

(d) an encryption unit for forming said digital 
signature by applying said encryption algo- 
rithm to said hashed information; and 

(e) a processor for coritrollinij'the flow of infor- 
mation to and from other components in sakJ 
wireless transmitting unit 

3. The system of daim 2 wherein the memory unit 
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of said wireless transmitting unit stores the iden- 
tification information as an electronic serial nunv 
ber 

4. The system of daim 3 wherein the memory unit 5 
in said wireless receiving unit stores said encryp- 
tion key in a look-up table. 

5. The system of daim 4 wherein the hashing unit in 

the wireless transmitting unit and the hashing io 
unit in the wireless receiving unit are electronic 
circuits. 

6. The system of daim 4 wherein the encryption unit 

in the wireless transmitting unit and the encryp- is 
tion unit In the wireless receiving unit are elec- 
tronic drcuits. 

7. The system of daim 4 v\^erein said processor is 
programmed to disassemble said message data 20 
into a plurality of data packets. 

8. A method of identifying a user of a wireless com- 
munication system and verifying the Integrity of 
data transmitted in said communication system, 25 
said method comprising the steps of: 

sending a message va a wireless net- 
work, where said message comprises: 

(a) a first segment induding identification in- 
fomnation; 30 

(b) a second segment induding a data packet; 
and 

(c) a third segment induding a digital signa- 
ture obtained by applying a hashing algorithm 

and an encryption algorithm to saki data 35 
packet, where said encryption algorithm uses 
a private encryption key; 
receiving said message; 
hashing said data packet according to said 
hashing algorithm to fonm hashed data after per- 40 
forming the step of receiving said message; 

encrypting said hashed data with said en- 
cryption algorithm and said encryption key to 
form encrypted hashed data; and 

comparing said digital signature to the en- 45 
crypted hashed data so as to verify the integrity 
of the data packet 

9. Amethod of verifying the integrity of a data pack- 
et transmitted via a wireless communicatfon net- so 
work, said method comprising the steps of: 

hashing the data packet according to a 
hashing algorithm to form hashed information; 

encrypting the hashed information with an 
encryption algorithm using a private encryption ss 
key to fonm a digital signature; 

retrieving kJentification information; 

transmitting a signed message via a wire- 



less network; 

receh^ing said signed message; 

hashing said data packet according to sakJ 
hashing algorithm to forni hashed data after per- 
forming the step of receding said signed mes- 
sage; 

enaypting said hashed data with said en- 
cryption algorithm and said encryption key to 
form encrypted hashed data; and 

comparing said digital signature b the en- 
crypted hashed data so as to verify the integrity 
of the data packet 

10. A method of sending a message via a wireless 
network, said method comprising the steps of: 

entering message data into a wireless 
transmitting unit; 

disassembling said message data into a 
plurality of data packets; 

performing for each data packet the steps 

of. 

(a) hashing the data packet according to a 
hashing algorithm to form hashed informa- 
tion; 

(b) enaypting the hashed information v^th an 
encryption algorithm using a private encryp- 
tion key to form a digital signature; 

(c) retrieving identification information; 

(d) transmitting a signed message via a wire- 
less network; 

(d) receiving said signed message; 

(e) hashing said data packet according to said 
hashing algorithm to form hashed data after 
performing the step of receiving said signed 
message; 

(Q encrypting said hashed data with said en* 
cryption algorithm and said encryption key to 
form encrypted hashed data; and 
(g) comparing said digital signature to the en- 
crypted hashed data so as to verify the integ- 
rity of the data packet after said message is 
receh^ed; and 

reassembling said plurality of data pack- 
ets to reconstruct said message data 

11. The method of daim 9 or 10 wherein the step of 
transmitting a signed message comprises the 
step of transmitting a message having: 

(a) a first segment including said kientif {ca- 
tion informatton; 

(b) a second segment induding said data 
packet; and 

(c) a third segment induding said digital sig- 
nature. 

12. The method of daim 11 wherein the stepof trans- 
nnitting a signed message further comprtees the 
step of sending said first segment at the front of 
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said signed message. 

13. The method of daim 8 or 12 further Induding the 
step of retrieving the emxyption key after per- 
forming the step of receiving said message, 

14. The method of daim 13 wherein the step of re- 
trieving the encryption key comprises the step of 
retrieving said encryption key based upon said 
identificatton Information. 
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